<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="generator" content="AsciiDoc 8.6.8" />
<link rel="Shortcut Icon" href="/images/favicon.ico" type="image/x-icon" />
<title></title>
<link rel="stylesheet" href="asciidoc.css" tppabs="http://old.peachfuzzer.com/asciidoc.css" type="text/css" />
<link rel="stylesheet" href="website.css" tppabs="http://old.peachfuzzer.com/website.css" type="text/css" />
</head>

<body>

<div id="layout-menu-box">
<div id="layout-menu">
  <div><a href="WhatIsPeach.html" tppabs="http://old.peachfuzzer.com/WhatIsPeach.html">What is Peach</a></div>
  <div><a href="Installation.html" tppabs="http://old.peachfuzzer.com/v3/Installation.html"><b>Installing</b></a></div>
  <div><a href="PeachQuickStart.html" tppabs="http://old.peachfuzzer.com/v3/PeachQuickStart.html"><b>Tutorials</b></a></div>
  <div><a href="Methodology.html" tppabs="http://old.peachfuzzer.com/Methodology.html">Methodology</a></div>
  <div><a href="Introduction.html" tppabs="http://old.peachfuzzer.com/Introduction.html">Introduction</a></div>
  <div><a href="Training.html" tppabs="http://old.peachfuzzer.com/Training.html">Training</a></div>
  <div><a href="javascript:if(confirm(%27http://www.dejavusecurity.com/peach.html  \n\nThis file was not retrieved by Teleport Ultra, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?%27))window.location=%27http://www.dejavusecurity.com/peach.html%27" tppabs="http://www.dejavusecurity.com/peach.html">Enterprise</a></div>
  <div><a href="FAQ.html" tppabs="http://old.peachfuzzer.com/v3/FAQ.html">FAQ</a></div>
  <div><a href="javascript:if(confirm(%27http://forums.peachfuzzer.com/forum.php  \n\nThis file was not retrieved by Teleport Ultra, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?%27))window.location=%27http://forums.peachfuzzer.com/forum.php%27" tppabs="http://forums.peachfuzzer.com/forum.php">Support Forums</a></div>

  <div><h5>Peach 3</h5></div>
  <div><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="PeachPit.html" tppabs="http://old.peachfuzzer.com/v3/PeachPit.html">Peach Pits</a></div>
  <div>&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="GeneralConfiguration.html" tppabs="http://old.peachfuzzer.com/v3/GeneralConfiguration.html">General Conf</a></div>
  <div>&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="DataModeling.html" tppabs="http://old.peachfuzzer.com/v3/DataModeling.html">Data Modeling</a></div>
  <div>&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="StateModel.html" tppabs="http://old.peachfuzzer.com/v3/StateModel.html">State Modeling</a></div>
  <div>&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="AgentsMonitors.html" tppabs="http://old.peachfuzzer.com/v3/AgentsMonitors.html">Agents</a></div>
  <div>&nbsp;&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="AgentsMonitors.html" tppabs="http://old.peachfuzzer.com/v3/AgentsMonitors.html">Monitors</a></div>
  <div>&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="TestConfig.html" tppabs="http://old.peachfuzzer.com/v3/TestConfig.html">Test</a></div>
        <div>&nbsp;&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="Publisher.html" tppabs="http://old.peachfuzzer.com/v3/Publisher.html">Publishers</a></div>
  <div>&nbsp;&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="Logger.html" tppabs="http://old.peachfuzzer.com/v3/Logger.html">Loggers</a></div>
  <!-- <div>&nbsp;<img src="/images/1.gif" /><a href="/v3/DebuggingPitFiles.html">Debugging Pits</a></div> -->
  <!-- <div>&nbsp;<img src="/images/1.gif" /><a href="/v3/ValidatingPitFiles.html">Validating Pits</a></div> -->
  <div><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="RunningPeach.html" tppabs="http://old.peachfuzzer.com/v3/RunningPeach.html">Running</a></div>
  <!-- <div><img src="/images/1.gif" /><a href="/v3/ParallelPeach.html">Parallel</a></div> -->
  <!-- <div><img src="/images/1.gif" /><a href="/v3/ExtendingPeach.html">Extending</a></div> -->
  <div><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="minset.html" tppabs="http://old.peachfuzzer.com/v3/minset.html">Minset</a></div>

  <div><h5><a href="peach23.html" tppabs="http://old.peachfuzzer.com/v2/peach23.html">Peach 2.3</a></h5></div>

  <div><hr/></div>

  <div><a href="License.html" tppabs="http://old.peachfuzzer.com/License.html">License</a></div>
</div>
</div>
<div id="layout-content-box">
<div id="layout-banner">
  <div id="layout-title">
    <a href="index.htm" tppabs="http://old.peachfuzzer.com/"><img src="peach_fuzzer.png" tppabs="http://old.peachfuzzer.com/images/peach_fuzzer.png" height="100" /></a>
    <a href="javascript:if(confirm(%27http://www.dejavusecurity.com/peach.html  \n\nThis file was not retrieved by Teleport Ultra, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?%27))window.location=%27http://www.dejavusecurity.com/peach.html%27" tppabs="http://www.dejavusecurity.com/peach.html" class="layout-inner-banner-right">
                <img height="50" src="dejavusecurity.png" tppabs="http://old.peachfuzzer.com/images/dejavusecurity.png" /></a>
  </div>

  <div id="layout-description">
  <script>
  (function() {
    var cx = '007028538774543840348:g-0dlrdlmxs';
    var gcse = document.createElement('script'); gcse.type = 'text/javascript'; gcse.async = true;
    gcse.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') +
        '//www.google.com/cse/cse.js?cx=' + cx;
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(gcse, s);
  })();
</script>
<gcse:search></gcse:search>
      </div>
</div>
<div id="layout-content">
<div id="content">
<div class="sect1">
<h2 id="_peach_introduction">Peach Introduction</h2>
<div class="sectionbody">
<div class="paragraph"><p>The Peach Fuzzing Platform was designed to speed up the development of fuzzers
for both security researchers, security teams, consultants and
companies.  Peach accomplishes this by separating out modeling of the data and
state systems being fuzzed and the actual fuzzing engine.  Peach also provides a robust
agent/monitoring system to allow for monitoring a fuzzing run, detecting faults
(bugs), etc.  All the major components of Peach are pluggable and extensible
allowing for infinite flexibility.</p></div>
<div class="paragraph"><p>For the security researcher, Peach provides the ability to create custom fuzzing
strategies and data modifiers (mutators).  The combination of this allows full
control over how fuzzing is performed.  This allows the security researcher to compare different approaches to fuzzing without having to re-write everything from scratch.</p></div>
<div class="paragraph"><p>Peach has the following high level concepts:</p></div>
<div class="paragraph"><p><em>Modeling</em>&#8201;&#8212;&#8201;Peach operates by applying fuzzing to models of data and state.
There is a heavy focus on data modeling and state modeling in Peach.
For the average Peach user this is were most of the time is spent.  The level of
detail placed into the models will distinguish between a dumb Peach fuzzer and a
smart Peach fuzzer.</p></div>
<div class="paragraph"><p><em>Publisher</em>&#8201;&#8212;&#8201;Publishers are I/O interfaces.  They take the abstract concepts
of input, output, call, etc. as seen in the state modeling and provide the
actual transport or implementation.  A number of Publishers are included with
Peach that provide the ability to write to files, connect over TCP, UDP or other
network protocols, make web requests, or even call COM object.  It is easy to
create custom Publishers.</p></div>
<div class="paragraph"><p><em>Fuzzing Strategy</em>&#8201;&#8212;&#8201;The fuzzing strategy is the logic around how we are going
to perform our fuzzing.  Are we going to modify one data element at a time, or
many?  Which mutators will we use?  Will we modify some parts of our model more
than others?  Will we change the flow of our state model?  The only thing a
strategy does not typically do is produce actual data.  This is left to the
mutators.</p></div>
<div class="paragraph"><p>Several fuzzing strategies are included with Peach which should be sufficient
for the majority of users.</p></div>
<div class="paragraph"><p><em>Mutators</em>&#8201;&#8212;&#8201;Mutators are used to produce data.  They can use the existing
default value and modify it, or produce completely new data.  Mutators tend to
contain very simple logic and should perform a single type of mutation.
Examples of mutators would be: "Produce number from current value - 50 to
current value + 50."  or "Produce string that vary in length from 1 to 10,000
characters."  or "Produce 500 random numbers between 0 and int32."</p></div>
<div class="paragraph"><p><em>Agents</em>&#8201;&#8212;&#8201;Agents are special Peach processes that can run locally or remotely
and host one or more <a href="AgentsMonitors.html" tppabs="http://old.peachfuzzer.com/v3/AgentsMonitors.html">Monitors</a> or remote Publishers.  Agents
are the basis for the robust monitor facility provided by the Peach Fuzzing
Platform and allow for monitoring simple fuzzing configurations through very
complex systems that have a many tiers.  A Peach fuzzer can make use of zero or
more agents.</p></div>
<div class="admonitionblock">
<table><tr>
<td class="icon">
<div class="title">Note</div>
</td>
<td class="content">Agents can be used for fault detection, data collection, and instrumentation of
targets involved in the fuzzing run. They do not host fuzzing engines themselves, nor do
they play a part in parallel or distributed fuzzing. Agents can also host <a href="Remote.html" tppabs="http://old.peachfuzzer.com/v3/Publishers/Remote.html">Remote Publishers</a> as well.</td>
</tr></table>
</div>
<div class="paragraph"><p><em>Monitors</em> &#8201;&#8212;&#8201;Monitors run inside of Peach Agent processes and perform utility
tasks like taking captures of network traffic during a fuzzing iteration, or
attaching a debugger to a process to detect crashes, or even re-starting a
network service if it crashes or stops.  A number of monitors are included with
Peach, and it&#8217;s easy to write and include new monitors.</p></div>
<div class="paragraph"><p><em>Logger</em>&#8201;&#8212;&#8201;A logging facility to save crashes and fuzzing run information.
Peach comes with a file system logger by default.</p></div>
<div class="sect2">
<h3 id="_fuzzing_with_peach">Fuzzing With Peach</h3>
<div class="paragraph"><p>Peach provides a fuzzing engine with robust monitoring capabilities, however
some work is left up to the user.  The following are the main steps needed to
fuzz a target with Peach:</p></div>
<div class="olist arabic"><ol class="arabic">
<li>
<p>
Create Models
</p>
</li>
<li>
<p>
Select/Configure Publisher
</p>
</li>
<li>
<p>
Configure Agents/Monitors
</p>
</li>
<li>
<p>
Configure Logging
</p>
</li>
</ol></div>
</div>
</div>
</div>
</div>
<div id="footnotes"></div>
<div id="footer">
<div id="footer-text">

<table width="100%">
<td><td>
<a href="javascript:if(confirm(%27http://dejavusecurity.com/  \n\nThis file was not retrieved by Teleport Ultra, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?%27))window.location=%27http://dejavusecurity.com/%27" tppabs="http://dejavusecurity.com/"><img src="dejavusecurity.png" tppabs="http://old.peachfuzzer.com/images/dejavusecurity.png" height="50"/></a>
</td><td>&nbsp;&nbsp;&nbsp;</td><td>

Copyright (c) <a href="javascript:if(confirm(%27http://dejavusecurity.com/  \n\nThis file was not retrieved by Teleport Ultra, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?%27))window.location=%27http://dejavusecurity.com/%27" tppabs="http://dejavusecurity.com/">Deja vu Security</a> <br/>
Last updated 2014-02-23 21:24:25 PST
</td>
</table>

<script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-1094513-10']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www/') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>
</div>
</div>
</div>
</div>
</body>
</html>
